10 January, 2019
We understand the recent events are creating extraordinary levels of concern and anxiety for website owners.
As a web security company, we have witnessed an increased number of website exploitation attempts over the past weeks. Unfortunately, many threat actors have started to abuse the panic and discomfort of the COVID-19 pandemic to conduct specially crafted malware and phishing attacks worldwide.
Now more than ever, companies are counting on the web to do business and to provide suppliers, partners and customers with access to info and data.
Small business owners are beginning to realise that their website will at some point be in the crosshairs of hackers. Doing nothing is simply no longer an option – after all, it’s not worth the embarrassment, loss of customer trust, the risk to their brand’s reputation or even their very survival. While most small firms have a limited budget for protecting their website and associated data, they can no longer afford the luxury of “rolling the dice” on security. It’s now time to employ tools that provide comprehensive protection by searching for and closing the vulnerabilities that hackers look for when targeting their next victim.
With roughly 30,000 new websites hacked every day and a clear gap in security funding and expertise, small businesses are facing an existential threat that’s climbed 300% over last year’s stats. It is becoming imperative that SMBs recognise the new reality that they are now the most common target of cybercrime. Integrating security into their daily operations is now just as important as paying employees and ordering enough product to meet demand.
Certain small business segments are targeted for specific attacks because they constantly interact with their clients’ data (doctors’ offices, healthcare providers, ambulance services, even small police departments). Another common reason that businesses are specifically targeted is the use of outdated computers and operating systems. Microsoft stopped releasing security patches for its XP system (developed in 2001) in the fall of 2014. There is simply no way to upgrade the security on older machines or software, yet 7% of businesses worldwide still use XP for everyday client interactions despite the risks.
Despite non-stop media coverage of high-profile breaches, small business owners still lag behind their larger counterparts in shifting to become part of a better protected internet for all. Many of the breaches that occurred at Fortune 500 companies actually started with someone hacking into a small business vendor or client to use as an access point into the larger corporate network. Yet a glaring lack of awareness about the value of personally identifying information and security best practices still leaves some SMBs dangerously perched on the slippery slope of risk, despite growing frustration among customers.
Businesses that transmit any sensitive data (such as credit card numbers, billing addresses, etc.) should encrypt all data traffic using SSL or TLS protocols. Even though hackers have adopted SSL encryption, this still adds a necessary layer of protection that can prove vital.
Hackers are turning increasingly to web applications, which allow them to circumvent firewalls and network security tools to surreptitiously access your company’s “crown jewels.” Just as hackers utilise sophisticated scanners to pinpoint weaknesses, firms must adopt some form of vulnerability probe that scans for weaknesses that could invite unwanted interest.
Once you’ve implemented the best security barriers that you can afford, including cloud-based firewalls and application scanners, then it’s time to patch an even bigger vulnerability: your employees. Educating your workforce about the need for smarter passwords, being vigilant against phishing emails and thinking before they click will bring immense value to your overall security investment.
Avi Bartov, GamaSec CEO. GamaSec is a cyber-security company that lowers the risk to businesses from attacks on their websites and web applications and strengthens their resilience against them, offering a pre-breach tool designed to prevent cyber attacks.